gobuster

Gobuster is a widely used tool for web enumeration, allowing security professionals and penetration testers to discover hidden directories, subdomains, and virtual hosts on web applications. This tool helps uncover critical information that could be leveraged in an attack simulation.

Installing Gobuster

Gobuster is pre-installed on Kali Linux. If you need to install it manually, use the following command:

sudo apt install gobuster

Using Gobuster for Web Enumeration

Gobuster provides multiple functionalities, including directory brute-forcing, subdomain enumeration, and virtual host discovery.

Directory Enumeration

To discover hidden directories on a target website, use:

gobuster dir -u <URL> -w <WORDLIST> -t 64

Where:

  • -u <URL> specifies the target URL.

  • -w <WORDLIST> defines the wordlist used for brute-forcing.

  • -t 64 sets the number of concurrent threads (higher values increase speed but may trigger rate limiting or blocking by the server).

Useful Wordlists

Kali Linux provides built-in wordlists for directory enumeration:

/usr/share/wordlists/dirbuster/
/usr/share/wordlists/dirb/

Enumerating Files with Specific Extensions

To search for specific file extensions such as .html, .js, and .css, use:

gobuster dir -u <URL> -w <WORDLIST> -x <EXTENSIONS>

For example:

gobuster dir -u http://example.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x .html,.css,.js
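Seen from the server side, the directory and file enumeration above shows up as a burst of requests for paths that do not exist. The following is an added example, not part of the original page or of Gobuster: a small detector for access logs in the Apache/nginx combined format. The function names, thresholds, IP addresses and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def detect_enumeration(lines, window_s=10, min_misses=20):
    """Flag clients requesting >= min_misses distinct missing paths (404)
    inside any window_s-second window. Returns {ip: {"misses", "tool_ua"}}."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)      # ip -> (timestamp, path) of recent 404s
    peak, tool_ua = {}, set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                 # skip lines in another format
        ip = m["ip"]
        # gobuster's default User-Agent starts with "gobuster/"; the header is
        # client-controlled, so it is a hint and never the only signal.
        if m["ua"].lower().startswith("gobuster/"):
            tool_ua.add(ip)
        if m["status"] != "404":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append((ts, m["path"]))
        while ts - q[0][0] > window:  # expire misses older than the window
            q.popleft()
        misses = len({path for _, path in q})
        if misses >= min_misses:
            peak[ip] = max(peak.get(ip, 0), misses)
    return {ip: {"misses": n, "tool_ua": ip in tool_ua} for ip, n in peak.items()}

def sample_log():
    """Constructed sample: a wordlist x extension sweep and an ordinary visitor."""
    lines = []
    words = ["admin", "backup", "login", "test", "uploads", "config", "old", "dev"]
    for i, (w, e) in enumerate((w, e) for w in words for e in ("", ".html", ".css", ".js")):
        status = 200 if w + e == "login.html" else 404
        lines.append(f'203.0.113.7 - - [01/Jan/2025:10:00:{i // 16:02d} +0000] '
                     f'"GET /{w}{e} HTTP/1.1" {status} 153 "-" "gobuster/3.6"')
    for minute, path, status in [(1, "/", 200), (3, "/favicon.ico", 404), (7, "/old", 404)]:
        lines.append(f'198.51.100.20 - - [01/Jan/2025:10:{minute:02d}:00 +0000] '
                     f'"GET {path} HTTP/1.1" {status} 153 "-" "Mozilla/5.0"')
    return lines

if __name__ == "__main__":
    print(detect_enumeration(sample_log()))
```

The window and threshold need tuning against normal traffic for the site being monitored; counting distinct missing paths rather than raw 404s avoids flagging a client that retries one broken link.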

Subdomain Enumeration

Gobuster can also be used for subdomain enumeration:

gobuster dns -d <DOMAIN> -w <WORDLIST> -t 64

Where:

  • -d <DOMAIN> specifies the target domain.

  • -w <WORDLIST> defines the list of possible subdomains.

Example:

gobuster dns -d mydomain.thm -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt

Virtual Host Enumeration

Virtual host enumeration can be used to discover additional hostnames for a given domain:

gobuster vhost -u <URL> --domain <DOMAIN> -w <WORDLIST> --append-domain --exclude-length 250-320

Where:

  • --append-domain automatically appends the domain name to the wordlist entries.

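  • --exclude-length 250-320 hides responses whose body length falls within the given range (here 250 to 320), such as the default page a server returns for hostnames it does not recognize.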

Example:

gobuster vhost -u http://example.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --append-domain --exclude-length 250-320
